Least Privilege on Shared Systems
Extending secure access across a heterogeneous system can be complex. One component of the system may need access to a secret while another must not have it. And, of course, once a secret gets out, it isn't a secret anymore.
I'm designing a secret system on a third-party data integration tool and I ran across this article.
Important takeaways:
Encrypt secrets
Without giving containers and services an identity, it is not possible to protect and restrict access to secrets with access control policies
Give identity to only the project that needs the resource, not the whole environment
Use ephemeral resources to pass secrets (like environment variables)
Give the ephemeral resources hard-to-guess names - MY_SECRET:(some md5 hash)
Keep track of who knows your secrets
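To make the takeaways concrete, here is an added example (my own toy code, not from the article or from any data integration tool) that walks through all of them in one place: a secret stored encrypted at rest, a workload identity scoped to a project, a policy check before release, a one-off environment variable with a hard-to-guess MY_SECRET_<md5 hash> style name handed to a single child process, and an access log of who asked for what. Everything here is hypothetical: SecretsBroker, Identity, ephemeral_var_name and run_with_secret are names I made up, the SHA-256 counter-mode cipher plus HMAC tag is a standard-library stand-in for a real KMS or AEAD, and the project names and password are constructed sample data.

```python
"""Toy secrets broker (hypothetical, stdlib only) illustrating: encrypt at rest,
per-service identity, project-scoped policy, ephemeral env-var handoff, access log."""
import hashlib
import hmac
import os
import secrets
import subprocess
import sys
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Identity:
    """A workload identity: the service name and the project it belongs to."""
    service: str
    project: str


@dataclass
class SecretsBroker:
    """Stand-in for a real secrets manager / KMS; not production crypto."""
    master_key: bytes
    store: dict = field(default_factory=dict)   # name -> (nonce, ciphertext, tag)
    policy: dict = field(default_factory=dict)  # name -> project allowed to read it
    access_log: list = field(default_factory=list)

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        # Counter-mode keystream from SHA-256; a real system would use an AEAD
        # such as AES-GCM behind a KMS. Integrity comes from the HMAC tag below.
        out = b""
        for counter in range((length + 31) // 32):
            out += hashlib.sha256(self.master_key + nonce + counter.to_bytes(4, "big")).digest()
        return out[:length]

    def _tag(self, nonce: bytes, ct: bytes) -> bytes:
        return hmac.new(self.master_key, nonce + ct, hashlib.sha256).digest()

    def put(self, name: str, plaintext: bytes, allowed_project: str) -> None:
        """Encrypt the secret at rest and record which project may read it."""
        nonce = secrets.token_bytes(16)
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        self.store[name] = (nonce, ct, self._tag(nonce, ct))
        self.policy[name] = allowed_project

    def get(self, name: str, who: Identity) -> bytes:
        """Release the secret only to an identity in the allowed project; log every attempt."""
        granted = self.policy.get(name) == who.project
        self.access_log.append((name, who.service, who.project, "granted" if granted else "denied"))
        if not granted:
            raise PermissionError(f"{who.service} ({who.project}) may not read {name}")
        nonce, ct, tag = self.store[name]
        if not hmac.compare_digest(tag, self._tag(nonce, ct)):
            raise ValueError(f"integrity check failed for {name}")
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))


def ephemeral_var_name(secret_name: str) -> str:
    """One-off, hard-to-guess variable name in the MY_SECRET_<md5 hash> style.
    The unpredictability comes from the random token, not from md5 itself."""
    return f"{secret_name.upper()}_{hashlib.md5(secrets.token_bytes(16)).hexdigest()}"


def run_with_secret(broker: SecretsBroker, secret_name: str, who: Identity, argv: list) -> str:
    """Hand the secret to exactly one child process through a fresh environment
    variable; the child learns the variable's name from its last argument."""
    value = broker.get(secret_name, who)
    var = ephemeral_var_name(secret_name)
    env = {"PATH": os.environ.get("PATH", ""), var: value.decode()}  # nothing else inherited
    proc = subprocess.run(argv + [var], env=env, capture_output=True, text=True, check=True)
    return proc.stdout.strip()


# Constructed child: reports the secret's length and how many DB_PASSWORD_* vars it sees.
CHILD = [sys.executable, "-c",
         "import os, sys; v = os.environ[sys.argv[1]]; "
         "print(len(v), sum(k.startswith('DB_PASSWORD_') for k in os.environ))"]


def demo() -> dict:
    """Constructed scenario: billing's ETL worker may read the DB password,
    a worker from another project may not. Returns the results for inspection."""
    broker = SecretsBroker(master_key=secrets.token_bytes(32))
    broker.put("db_password", b"correct horse battery staple", allowed_project="billing")
    etl = Identity(service="etl-worker", project="billing")
    other = Identity(service="report-builder", project="marketing")
    child_out = run_with_secret(broker, "db_password", etl, CHILD)
    try:
        run_with_secret(broker, "db_password", other, CHILD)
        denied = False
    except PermissionError:
        denied = True
    return {"child_out": child_out, "denied": denied, "log": list(broker.access_log),
            "stored_plaintext": b"correct horse" in broker.store["db_password"][1]}


if __name__ == "__main__":
    for key, val in demo().items():
        print(key, val)
```

The policy is keyed on the project, not on the whole environment, so a second service in the same container image but a different project is refused; the denial still lands in the access log, which is the "keep track of who knows your secrets" part. Because the child gets a minimal environment rather than an inherited one, the secret lives only in that one process's variable and disappears when it exits.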